问题
First of all, sorry if the question is unclear due to my poor knowledge.
I'm interested to know how apache calls the appropriate engine/invoker to serve a request. Suppose, user requests a http://somesite.com/someurl.php - now how apache determines that it needs to launch the PHP interpreter? Does apache determines so based on the file extention/MIME type or anything else?
What I know is: I can configure apache to invoke certain interpreters based on file's extension, by something like:
AddHandler cgi-script .cgi .py
# Tells apache to treat .cgi & .py files to treat as cgi scripts
Why I'm concerned about it? Recently, I came to know from my question ( PHP file upload: mime or extension based verification? ) that if some user uploads a file with wrong MIME type (i.e image/jpeg) but with an extention .php the file can get executed (assuming it has got execution permission) and malicious php code included with the EXIF meta-data can do harmful things.
回答1:
It depends entirely on how the server is configured. By default, Apache always uses the default handler which simply serves the content of the file. However, you can change that using the SetHandler directive. This directive can be placed literally anywhere in the configuration, including <Files> or <Directory> or <Location> blocks, making it possible to set the handler based on the filesystem path, URL prefix, or pretty much any other variable Apache can access.
It is particularly common to set the handler based on the filename extension, though, so Apache provides the AddHandler directive as a shortcut for doing so.
For more details, have a look at the handler documentation.
P.S. For what it's worth, filesystems normally don't store MIME type data, so Apache normally has to guess at the MIME type of a file by examining the extension.
来源:https://stackoverflow.com/questions/7351948/how-apache-calls-invokes-the-appropriate-handler-interpreter